Legal claims defining the scope of protection, as filed with the USPTO.
1. A method for secure processing of data in a portable data carrier, wherein the following steps are performed in the portable data carrier, which is a chip card having a processor: receiving data to be stored in the portable data carrier from an external terminal; creating a cryptographic key including an encryption key and a decryption key, wherein the encryption key is identical to the decryption key or the encryption key is different from the decryption key; encrypting the data to be stored using the encryption key; temporarily storing the encrypted data and the cryptographic key in a temporary, non-volatile memory area of the portable data carrier; decrypting the temporarily stored encrypted data using the decryption key; and copying the decrypted data from the temporary memory area to a target memory area of the non-volatile memory; wherein: in response to an interruption of the decrypting process and the decryption key being present in a non-volatile memory, continuing the decrypting process of encrypted data, after the interruption has been removed, and deleting the decryption key after the decrypting process has been entirely completed; in response to an interruption of processing of the temporarily storing the encrypted data into a non-volatile memory, deleting the cryptographic key to secure the encrypted data; and in response to an interruption of processing by an interruption of a power supply of the portable data carrier and the decryption key being present in a volatile memory, deleting the decryption key present in the volatile memory as a direct consequence of the interruption of the power supply, and in response to the decryption key being present in a non-volatile memory, deleting the decryption key after removal of the interruption.
2. The method according to claim 1 , wherein the decryption of the encrypted data is effected immediately subsequent to the temporary storing of the encrypted data.
3. The method according to claim 1 , wherein the decryption key is deleted after the proper completion of the processing.
4. The method according to claim 1 , wherein, in case the temporary storing is interrupted, the decryption key is deleted.
5. The method according to claim 4 , wherein, in case the temporary storing is interrupted, the decryption key is deleted by an active delete operation.
6. The method according to claim 5 , wherein the deletion is effected with the occurrence of the interruption of the temporary storing or immediately after removal of the interruption of the temporary storing.
7. The method according to claim 1 , wherein the target memory area is located within a memory area of a data system in the non-volatile memory of the portable data carrier.
8. The method according to claim 7 , wherein the temporary memory area is locally formed within the memory area of the data system as a memory area associated with the target memory area.
9. The method according to claim 7 , wherein the temporary memory area is globally formed outside the memory area of the data system as a reserved memory area.
10. The method according to claim 1 , wherein the temporary memory area is formed as a temporary memory area whose data only the processing control can access.
11. The method according to claim 1 , wherein the decryption key is stored in a key memory area of the temporary memory area.
12. The method according to claim 1 , wherein the decryption key is stored in a key memory area outside the temporary memory area.
13. The method according to claim 1 , wherein the encrypting and decrypting is carried out using a software module executable by a processor of the portable data carrier or of a hardware module of the data carrier.
14. A portable data carrier comprising: a processor, and a nonvolatile memory configured to store a processing control and a cryptographic function, the processing control and the cryptographic function being executable by the processor, said processing control being arranged to: receive data to be stored from an external terminal, create a cryptographic key including an encryption key and a decryption key, wherein the encryption key is identical to the decryption key or the encryption key is different from the decryption key, effect a temporary storing of the data to be processed and the cryptographic key in a temporary memory area of the data carrier in encrypted form, and copy the temporarily stored data as decrypted data to a target memory area of the non-volatile memory; and said cryptographic function being arranged to: encrypt the data to be temporarily stored in the temporary memory area with the encryption key, and to decrypt the encrypted data to be processed with the decryption key, wherein: in response to an interruption of the decrypting process and the decryption key being present in a non-volatile memory, the processing control is arranged to continue the decrypting process of encrypted data, after the interruption has been removed, and delete the decryption key after the decrypting process has been entirely completed; in response to an interruption of processing of the temporarily storing the encrypted data into a non-volatile memory, the processing control is arranged to delete the cryptographic key to secure the encrypted data; and in response to an interruption of processing by an interruption of a power supply of the portable data carrier and the decryption key being present in a volatile memory, the processing control is arranged to delete the decryption key present in the volatile memory as a direct consequence of the interruption of the power supply, and in response to the decryption key being present in a non-volatile memory, the processing control is arranged to delete the decryption key after removal of the interruption, and wherein the portable data carrier is a chip card.
15. The portable data carrier according to claim 14 , wherein the processing control is arranged to effect the decryption of the encrypted data immediately subsequent to the temporary storing of the encrypted data.
16. The portable data carrier according to claim 14 , wherein the processing control is arranged to delete the decryption key with an active delete operation when an interruption of the temporary storing occurs.
17. The portable data carrier according to claim 16 , wherein the processing control is arranged to delete the decryption key upon the occurrence of the interruption of the temporary storing or immediately after removal of an interruption of the temporary storing.
18. The portable data carrier according to claim 14 , wherein in the non-volatile memory a memory area of a data system is formed and the target memory area is formed within this memory area.
19. The portable data carrier according to claim 18 , wherein the temporary memory area is formed within the memory area of the data system and is associated with the target memory area as a local memory area.
20. The portable data carrier according to claim 18 , wherein the temporary memory area is formed as a global memory area in the nonvolatile memory outside the memory area of the data system.
21. The portable data carrier according to claim 14 , wherein the temporary memory area is formed as a temporary memory area whose data only the processing control can access.
22. The portable data carrier according to claim 14 , wherein the key memory area is formed in the temporary memory area.
23. The portable data carrier according to claim 14 , wherein the key memory area is formed outside the temporary memory area in the non-volatile memory.
24. The portable data carrier according to claim 14 , wherein the cryptographic function is formed as an operating-system module or as a hardware module of the chip card.
25. The method according to claim 1 , wherein the encryption key is identical to the decryption key.
26. The method according to claim 1 , wherein the encryption key is different from the decryption key.
27. The portable data carrier according to claim 14 , wherein the encryption key is identical to the decryption key.
28. The portable data carrier according to claim 14 , wherein the encryption key is different from the decryption key.
Unknown
March 17, 2015
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.